It’s been a tough few weeks for those of us that are responsible for patching vulnerabilities in the companies we work at. Not only do we have the usual operating system and application patches, we also have patches for VENOM and Logjam to contend with. The two aforementioned vulnerabilities are pretty serious and deserve extra attention. But, where...

Section 215 of the USA PATRIOT Act will expire on June 1, 2015, unless congress extends it. It is important to note that this is NOT the entire USA Patriot Act as many politicians have claimed with their fearmongering. Section 215 needs to expire if we want to protect our privacy rights, and to support international business growth; our national...

An anonymous message board was the alleged target of several denial of service (DoS) attacks launched by the free VPN service Hola earlier this week. Israeli-based Hola is one of the most popular free virtual private network (VPN) providers today. It boasts seven million users of its Chrome extension alone. However, according to Frederick Brennan,...

Debit and credit card transactions are part of our daily lives. Very few people use cash nowadays as it is way more convenient to use a payment card for a purchase. Most of these transactions are performed through a standalone Point-of-Sale (POS) device, an Electronic Cash Registry (ECR) or through a Virtual Terminal (VT). Even though there is a...

Although wireless communication technologies have matured to a great extent, their related communication protocols and stack implementations are still encumbered by a number of well known security problems. WiFi (802.11) management packets are not cryptographically protected against eavesdropping, modification or replay attacks. WEP, WPA and WPA2...

A Facebook Messenger location tracking tool that lets you creepily track the movements of other Facebook users and plot them on a map.

A judge has ordered Yahoo, Inc. to face a class action lawsuit alleging that the company violated users’ privacy by scanning email messages for advertising purposes. In her 44-page decision, Judge Lucy Koh of the US District Court of Northern California explains that Yahoo is alleged to have scanned the contents of messages sent to Yahoo! Mail...

Those in the IT world are always looking to develop the right skill sets that will help them get noticed above their competition. Considering how quickly technology changes, possessing a highly-desired set of skills can lead to better jobs and higher wages. Trends, of course, come and go, and keeping up with what is currently the most in-demand...

I’m happy to report that the first ever Tripwire VERT capture the flag contest was a huge success. With competitors registered from across the globe, our vulnerable application saw thousands of connections coming from dozens of unique addresses along with a non-stop flood of flags, questions,and...

Over the years, I have written multiple articles on the subject of digital or cyber forensics and the importance it serves in supporting the modern world with regards to corporate and government incident response, first responder engagements, and more general aspects of scene-of-crime management in the digital age. Before we get into the detail,...

Earlier this month, several media outlets ran a story claiming that a new type of malware could be used to destroy victims’ computers. These stories might have fared well in views, but their fear, uncertainty, and doubt (FUD) have proven useful to no one. Fortunately, a number of security experts including Graham Cluley were quick to correct the...

The Internal Revenue Service has confirmed a data breach of 100,000 taxpayers' account information. According to a statement posted on the IRS website, criminals allegedly used sensitive information stolen from non-IRS sources to gain unauthorized access to taxpayers' accounts. To access the site, the criminals made use of stolen Social Security...

It's been almost a year since what some analysts consider the first successful major threat to mobile banking, known as Svpeng, hit the United States. Spreading via a text message campaign, the Svpeng malware went after Android phones. While Svpeng didn’t steal mobile banking credentials, it did detect the presence of certain mobile banking apps and...

A security firm has revealed that upwards of 2.8 million users have downloaded scareware masquerading as legitimate Minecraft apps off of Google Play Store. According to a blog post written by Lukas Stefanko, a Malware Researcher for ESET, 30 malicious applications pretending to be cheats for the popular computer game wereuploaded to Google Play...

For some reason, Europe’s ‘The Final Countdown’ was playing in my head as I sat and pondered this write-up. I suppose that’s fitting given that we are about to cross the 60-day mark until Windows Server 2003 goes End-of-Life. The concept of product EOL can be confusing, especially given the frequent cross-contamination that exists within Microsoft...

Last week, we explored the story of Randall Charles Tucker, a serial distributed denial of service (DDoS) attacker who targeted the websites of government authorities whom he felt were guilty of unjust behavior. We now report on the story of Brandon Bourret and Athanasios Andrianakis, two men who developed an app that searches through Photobucket...

Thousands of patients have been alerted that their medical records were potentially stolen in a data breach that affected at least three hospitals located in Bergen County, New Jersey. According to officials, an employee of Medical Management LLC, a healthcare billing company located in North Carolina, allegedly stole the names, Social Security...

While we're all collectively struggling with how to internalize Logjam, a high-profile vulnerability that doesn't have a catchy logo, I'd like to take those who are interested aside for a moment to consider how we might talk about the threat this vulnerability poses. I'll start with some basics, but if you want more technical details, the Tripwire...

We at Tripwire would like to encourage everyone to vote for their favorite security blogs in the third annual EU Security Blogger Awards 2015! Tripwire is especially proud to have been named a finalist for five categories in this year's awards among numerous other respected publications and professionals. The State of Security is in the running for...

A security researcher has made a ransomware removal kit available online with the hope that it will help security professionals and system administrators alike in responding to instances of ransomware infection. Researcher Jada Cyrus has published the kit on Atlassian Bitbucket. The kit itself consists of removal tools for common ransomware variants...